account-abstraction icon indicating copy to clipboard operation
account-abstraction copied to clipboard

Published 20 hours ago • verified publisher icon eth-infinitism

😔 beneficiary attack

Open powerttt opened this issue 9 months ago • 2 comments

When Bundler executes Entrypoint.handleOps, hackers can initiate transactions first by increasing the price of the original trading, such as normal gwei as 3, but after the hacker monitor, GWEI is modified to 3.01, and Set the beneficiary to his own so that he can get the bnb;

The original transaction initiated by the user: 0xf9cf601f3f4a2f3ba9306aea7129175fd1c1b1fe0f9d18b0513cc281d1edabc0, this was replaced, so it failed.

The setting is 4 gwei, and the initiator is 0xca6618e67f8220a68f1c3b5f560fcc938f7ee306, beneficiary set to 0xca6618e67f8220a68f1c3b5f560fcc938f7ee306

beneficiary set to 0xca6618e67f8220A68F1C3B560FCC938F7EE306 Tampered transactions: 0xc0c7d7467830c0786155f398b2cf8a1ae030a2236d14a65ca3d54d880549a7ed, set 4.01 GWEI, and the initiator was tampered with 0xcF09C0bC381E679f0f7f37A46C0AD10758960b4C, Beneficiary set to 0xa169F84e31d4745E83428b412E97621455488D6e;

Is there any solution to avoid being tampered with?

powerttt avatar May 24 '24 13:05 powerttt